From ebd1aeb05a3c83087d303a9ce887b068166662ce Mon Sep 17 00:00:00 2001
From: clerie <git@clerie.de>
Date: Tue, 11 Jan 2022 21:31:25 +0100
Subject: [PATCH] Introduce new stage 2 backup strategy

---
 hosts/clerie-backup/configuration.nix | 16 ++++++++++++++++
 hosts/palladium/configuration.nix     | 20 +++++---------------
 2 files changed, 21 insertions(+), 15 deletions(-)

diff --git a/hosts/clerie-backup/configuration.nix b/hosts/clerie-backup/configuration.nix
index a25cbce..915cc1e 100644
--- a/hosts/clerie-backup/configuration.nix
+++ b/hosts/clerie-backup/configuration.nix
@@ -75,6 +75,22 @@
   # fix borgbackup primary grouping
   users.users.borg.group = "borg";
 
+  services.borgbackup.jobs = {
+    backup-replication-palladium = {
+      paths = [
+        "/mnt/clerie-backup"
+      ];
+      doInit = true;
+      repo =  "borg@palladium.net.clerie.de:." ;
+      encryption = {
+        mode = "none";
+      };
+      environment = { BORG_RSH = "ssh -i /var/src/secrets/ssh/borg-backup-replication-palladium"; };
+      compression = "auto,lzma";
+      startAt = "weekly";
+    };
+  };
+
   users.users.backup-replication = {
     isNormalUser = true;
     group = "backup-replication";
diff --git a/hosts/palladium/configuration.nix b/hosts/palladium/configuration.nix
index 4676b26..c2b0bd4 100644
--- a/hosts/palladium/configuration.nix
+++ b/hosts/palladium/configuration.nix
@@ -24,21 +24,11 @@
     KERNEL=="sd?[0-9]", ENV{ID_MODEL}=="ST1000DM003-1SB102", ACTION=="add", RUN+="${pkgs.hdparm}/sbin/hdparm -S 24 /dev/%k"
   '';
 
-  services.rsnapshot = {
-    enable = true;
-    extraConfig = ''
-      snapshot_root	/mnt/palladium/
-      rsync_short_args	-rltD
-      retain	alpha	14
-      ssh_args	-o BatchMode=yes -o IdentityFile=/var/src/secrets/rsnapshot/id_rsa
-      backup	backup-replication@clerie-backup.net.clerie.de:/clerie-backup-replication/*	clerie-backup/
-    '';
-    # rsync_short_args
-    # -a -> -rlptgoD
-    # -rltD ist wie -a nur das alle Dateiberechtigungen und Besitzangabe ignoriert werden
-    cronIntervals = {
-      alpha = "0 9 * * * ";
-    };
+  services.borgbackup.repos.clerie-backup = {
+    path = "/mnt/palladium/clerie-backup";
+    authorizedKeysAppendOnly = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFyk716RnbenPMkhLolyIkU8ywUSg8x7hjsXFFQoJx4I root@clerie-backup"
+    ];
   };
 
   clerie.monitoring = {